Project Part 2: Risk Assessment Plan
After creating an initial draft of the risk management plan, the next step is to create a draft of the risk assessment plan.
For this part of the project:
1. Research risk assessment approaches.
2. Create an outline for a basic qualitative risk assessment plan.
3. Write an introduction to the plan explaining its purpose and importance.
4. Define the scope and boundaries for the risk assessment.
5. Identify data center assets and activities to be assessed.
6. Identify relevant threats and vulnerabilities. Include those listed in the scenario and add to the list if needed.
7. Identify relevant types of controls to be assessed.
8. Identify the key roles and responsibilities of individuals and departments within the organization as they pertain to risk assessments.
9. Develop a proposed schedule for the risk assessment process.
10. Complete the draft risk assessment plan detailing the information above. Risk assessment plans often include tables, but you choose the best format to present the material. Format the bulk of the plan similar to a professional business report and cite any sources you used.
Submission Requirements
- Format: Microsoft Word (or compatible)
- Font: Arial, size 12, double-space
- Citation style: Your school’s preferred style guide
Estimated length: 4–6 pages
Contents
1 Introduction
1.1 Project Description
1.2 Purpose
1.3 Scope
1.4 Compliance laws and Regulations
2 Risk Management Organization
2.1 Responsibilities
2.1.1 Risk Manager
2.1.3 Department Heads
2.1.4 Staff
3 Risk Management Strategy
3.1 Process
3.2 Risk Identification
3.3 Risk Assessment
3.3.1 Qualitative risk assessment
3.4 Risk Response Planning
3.4.1 Proposed Schedule
References
1 Introduction
1.1 Project Description
Health Network Inc provides patients and clinics with information technology solutions that help them with payments, communications, and decision making through the three products it offers: HNetExchange, HNetPay, and HNetConnect. The company has several branches in Minneapolis, Portland, and Arlington, USA, with three production centers. These data centers host production servers and various hardware such as company-issued laptops and mobile devices.
1.2 Purpose
Health Network Inc is exposed to various risks because it uses an information technology infrastructure to run its business operations. This poses a threat to Health Network Inc's business continuity, so the company adopts effective risk management strategies to manage this risk. The purpose of this risk management plan is to review the company's outdated risk management plan and deal with the threats that were identified in that review. These threats include: company data and information being lost, loss of customers, insider threats, changes in regulations, and internet threats.
Updating and developing a new risk management plan will enable Health Network Inc to be ready for the impact of unexpected events on the business and for their consequences. It will enable the company to develop proper risk management strategies to avoid financial loss, intellectual property loss, reputation damage, damage to business operations, harm to staff, and legal penalties (Yildirim, 2017).
In addition, risk management is important because it enables the company to develop an effective risk management strategy with regard to information security. It will increase customers' and shareholders' confidence in the company and increase Health Network Inc's competitiveness (Yildirim, 2017). Furthermore, the risk management plan will enable the company to find measures that will reduce costs and also increase staff knowledge of information security, so that staff become more conscious and responsible (Yildirim, 2017).
1.3 Scope
The risk management policy will include Health Network Inc's assets, equipment, and information technology infrastructure. All referenced material will be preserved with the previous documents to ensure document control. The risk manager will direct all departments at Health Network Inc, patient care professionals, and services to collaborate.
1.4 Compliance laws and Regulations
Cyber risks such as malware, hacking, and viruses affect business organizations, and therefore Health Network Inc will be at risk of violating privacy laws. A company such as Health Network Inc, which deals with sensitive information regarding patients and health professionals, is required by law to ensure it has measures in place to prevent privacy breaches and protect all information (Sales, 2014).
Environmental concerns are among the compliance requirements that Health Network Inc has to deal with. Since the company has several data production centers, it has to ensure that its business operations do not lead to environmental damage and pollution (Sales, 2014). Therefore, the company has to achieve environmental compliance by integrating its business strategies with sustainability (Sales, 2014).
Health Network Inc is required to comply with regulations such as the Health Insurance Portability and Accountability Act (HIPAA). This Act requires companies to protect health information such as payments, patients' insurance information, and other information (Sales, 2014).
2 Risk Management Organization
2.1 Responsibilities
2.1.1 Risk Manager
· Overseeing the risk management plan activities.
· Planning and providing the necessary resources.
· Ensure compliance with federal, local, and state regulations.
· Developing, implementing and evaluating risk management plan outcome.
2.1.2 Senior management
· Oversee development and implementation of the risk management plan.
· Reviewing risk management plan and updating it.
· Motivate collaboration of all staff and shareholders and support of the risk management plan agendas.
· Establish a risk managers and compliance committee.
· Review, report and recommend to directors and top level management.
· Develop training and procedures for risk management.
2.1.3 Department Heads
· Encourage an organization culture that supports the risk management plan.
· Identify new risks and report to the risk managers and compliance committee.
· Develop risk management processes and controls.
· Emphasize employees' understanding of risk management processes and issues.
2.1.4 Staff
· Identify and report risks to their supervisors.
· Assisting in the risk mitigation processes.
· Adapt the established risk management plans in their duties.
3 Risk Management Strategy
3.1 Process
The risk management process involves identifying, assessing, and minimizing risks associated with projects. This process helps project managers and risk managers to mitigate and deal with risks and improve the project's success (Rahman & Adnan, 2020).
3.2 Risk Identification
This involves evaluating an organization's environmental factors, risk management plan, and organizational culture. This is done to identify threats and risks that may occur, which can later be dealt with using various strategies. After assessment of Health Network Inc's current risk management plan, several threats were identified. These included:
· Company data being lost due to removal of hardware from the production systems.
· Company information loss
· Customer loss
· Internet threats such as malware, hacking, and viruses
· Insider threats
3.3 Risk Assessment
3.3.1 Qualitative risk assessment
The risk manager will assess the identified risks with the help of the project team to determine the probability of occurrence and the impact of each risk that was identified. The following approach will be used:
Probability
Greater than 70% probability of occurrence: High.
Between 30% and 70% probability of occurrence: Medium.
Below 30% probability of occurrence: Low.
Impact
Project schedule, project cost, or performance will be greatly impacted by the risk: High.
Project schedule, project cost, or performance will be slightly impacted by the risk: Medium.
Project schedule, project cost, or performance will be impacted relatively little by the risk: Low.
[Matrix grid: Impact (H, M, L) on the vertical axis against Probability (L, M, H) on the horizontal axis]
Any risk that falls within the yellow and red zones will be dealt with using risk response planning. This may include risk mitigation, a risk contingency plan, or both.
Figure 3.1 Risk Probability Matrix
3.4 Risk Response Planning
Negative risks can be dealt with using four risk response strategies:
Avoid – Eliminating the threat completely (University of Waterloo, 2018).
Transfer – Transferring the threat impact to a third party (University of Waterloo, 2018).
Mitigate – Reducing the probability of the risk occurring (University of Waterloo, 2018).
Accept – Acknowledging the risk, and only taking action if the risk occurs (University of Waterloo, 2018).
3.4.1 Proposed Schedule
Implementation Milestone | Completion Date | Risk Owner
Risk Identification | 01/14/2022 | Risk Manager
Risk Assessment | 01/21/2022 | Risk Manager
Risk Response Strategy | 01/28/2022 | Risk Manager
Risk Monitoring and Control | 04/02/2022 | Risk Manager
Figure 3.2 Proposed schedule
References
Rahman, M. S., & Adnan, T. M. (2020). Risk management and risk management performance measurement in the construction projects of Finland. Journal of Project Management, 167–178. https://doi.org/10.5267/j.jpm.2020.5.001
Sales, F. (2014). Compliance risk. SearchCompliance. https://searchcompliance.techtarget.com/definition/compliance-risk
University of Waterloo. (2018, March 15). Risk Responses. University of Waterloo. https://uwaterloo.ca/ist-project-management-office/risk-responses
Yildirim, E. Y. (2017). The importance of risk management in information security. International Journal of Advances in Electronics and Computer Science, 4(1), 2393–2835. http://www.iraj.in/journal/journal_file/journal_pdf/12-335-148895426318-21.pdf